[RFE] Add 'auth_provider = none' as an option to SSSD

[sssd-bot]

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1339

• Created at 2012-05-15 19:21:43 by sgallagh
• Closed as Invalid
• Assigned to nobody
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=821894

---

https://bugzilla.redhat.com/show_bug.cgi?id=821894 (Red Hat Enterprise Linux 6)

Description of problem:

Currently in SSSD when you want to use only an id_provider and don't want to
use an auth_provider for a certain backend (for example NIS) you will need to
create an empty proxy_pam_target file. This is needed because if you leave the
auth_provider empty (because you aren ot using one) SSSD will assume the same
value applies as is used for id_provider and you are required to enter a value
for proxy_pam_target for SSSD to start up correctly.

Version-Release number of selected component (if applicable):

sssd-1.5.1-66.el6_2.3.x86_64

How reproducible:

Configure SSSD to use a backend that only requires an id_provider and leave the
auth_provider empty.

Steps to Reproduce:
1. Configure SSSD as follows:

[sssd]
config_file_version = 2
services = nss, pam
domains = lab

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75
pwfield = x

[pam]

[domain/lab]
id_provider = proxy
proxy_lib_name = nis

Note: there is no proxy_pam_target directive

2. Start up SSSD, you will see the following error:

(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (7): Loading
backend [proxy] with path [/usr/lib64/sssd/libsss_proxy.so].
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (5): no module
name found in confdb, using [proxy].
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (7): Backend
[proxy] already loaded.
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [sssm_proxy_auth_init] (1): Missing
option proxy_pam_target.
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (0): Error
(22) in module (proxy) initialization (sssm_proxy_auth_init)!
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [be_process_init] (0): fatal error
initializing data providers
(Tue May 15 16:06:14 2012) [sssd[be[lab]]] [main] (0): Could not initialize
backend [22]

3. SSSD now does not function.

4. Now add proxy_pam_target to the lab domain:
[domain/lab]
id_provider = proxy
proxy_lib_name = nis
proxy_pam_target = sss_lab

5. Create an empty file /etc/pam.d/sss_lab

6. Start SSSD, you will see it start properly.

Actual results:

SSSD starts but "fake" configuration directives are needed to get it to start.

Expected results:

You can configure SSSD to not use an auth_provider so that it is clear from the
configuration file no auth_provider is used.

Additional info:

Comments

---

Comment from dpal at 2012-05-17 15:17:04

Fields changed

blockedby: =>
blocking: =>
coverity: =>
feature_milestone: =>
keywords: => easyfix
milestone: NEEDS_TRIAGE => SSSD Deferred
tests: => 0
testsupdated: => 0
upgrade: => 0

---

Comment from jhrozek at 2012-05-24 11:13:52

Ariel found out that the requested behaviour seems to have been already implemented.

From data_provider_be.c:

1882     if (strcasecmp(mod_name, NO_PROVIDER) == 0) {
1883         ret = ENOENT;
1884         goto done;
1885     }

Moving back to NEEDS_TRIAGE mostly because of the associated RHBZ.

---

Comment from sgallagh at 2012-05-24 13:29:55

Fields changed

milestone: SSSD Deferred => NEEDS_TRIAGE

---

Comment from dpal at 2012-05-24 15:22:51

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11 beta

---

Comment from dpal at 2012-08-16 13:38:29

Fields changed

proposed_priority: => Optional

---

Comment from sgallagh at 2012-08-16 14:08:44

Closing as WORKSFORME. The original bug was that the user was assuming that unspecified == none, which is not the case. I will update the BZ as well.

resolution: => worksforme
status: new => closed

---

Comment from dpal at 2012-09-04 23:25:15

This ticket has been evaluated for inclusion into SSSD 1.10 release and was decided to be excluded since it does not match the main goals and themes of the release. It might be considered for later releases.

---

Comment from dpal at 2013-01-02 15:23:36

Fields changed

milestone: SSSD 1.11 beta => SSSD 1.12 beta

---

Comment from sgallagh at 2017-02-24 14:25:34

Metadata Update from @sgallagh:

• Issue set to the milestone: SSSD 1.14 beta